CISM/CISA/CRISC/CGEIT December 2012 Feedback

badrottie

Another career milestone: passed the CISA.

Even though this makes it 3-for-3 for me in clearing the CISSP, CISM and CISA on the first attempt, this was the one exam that I was most outside my "comfort zone". In preparation, I used the official ISACA material (CISA 2012 Review Manual and question database). If I have any advice to give, it would be "Think like an accountant, and approach the problem from that perspective".

Congratulations to all those that passed, and those that did not, best of luck next time.

Cheers!

NotEvenTrying

Results are posted in our profiles now.
Guess I didn't request email.

Passed...first attempt.
Only study was reading manual cover to cover three days leading up to exam.
Had purchased questions...never used them.

I should note that I have 5+ years experience in auditing information systems though.

I imagine that additional certifications should be readily attainable for me.

What would be the best additional ISACA or IS related certification to pair with CISA? I'd like to transition into management.

Congrats everyone and for those that didn't pass, don't give up.

vasyvasy

NotEvenTrying wrote: »

What would be the best additional ISACA or IS related certification to pair with CISA? I'd like to transition into management.

How about CISSP, some project management or risk management?

mang109

I am suprised to say I passed CISA (628 ). I really felt the exam went badly, and want very impressed with the questions at the time, so I am quite glad to have passed.

Does anyone have any idea, on the ISACA marking numbers, what the average score for CISA is? There was a huge debate at work today and no-one can decide what it would be.

Congrats to all who passed, good luck to those who did not - remeber its not the end of the world, and you can always do it again.

andhow

mang109 wrote: »

I am suprised to say I passed CISA (628 ). Does anyone have any idea, on the ISACA marking numbers, what the average score for CISA is? There was a huge debate at work today and no-one can decide what it would be.

Based on the little that I've seen, the CISA scores are typically much lower than CISM scores. I seem to remember that CISA has about a 50% pass rate and CISM has a 75% pass rate, so this would make sense.

Your CISA score is also the highest that I've seen so far on here. Congrats!

badrottie

NotEvenTrying wrote: »

What would be the best additional ISACA or IS related certification to pair with CISA? I'd like to transition into management.

Without further information regarding your background, it is hard to make any real solid recommendations, so with that in mind:

Many senior IT/IS management professionals (CXO, Directors) that I know who would not be caught dead listing a Cisco or Microsoft certification on their resume will invariably list their (ISC)2 and ISACA designations. That is telling in and of itself. If anything, having more than one professional designation from different professional bodies shows serious commitment to your profession and capabilities as an employee.

ISACA does offer other designations that are more aligned with managerial aspects of information security, either from a risk management or governance aspect:

• CGEIT
• CRISC
• CISM

The caveat is that your must meet the experience requirements in order to be granted them. If you don't have relevant information security management experience (min. 4 years), you cannot get the CISM, for example. All the information is posted on the ISACA website for each of their respective professional designations.

Alternately, (ISC)2's CISSP is also an excellent designation to hold. Overlapping, but different domains of knowledge, but in the end highly complimentary. As you certainly know, (ISC)2 has their own experience requirements to qualify for the CISSP, but again, that information is readily available on their website.

The PMP is another good route into management, if that is what drives you. That is not where my interests lie, so I've decided not to pursue that certification.

In the end, there is no piece of paper, degree or whatnot that will guarantee entry into management. There are things that will help, but ultimately, it is up to the individual.

Cheers.

JayDub211

Got my results yesterday at 4:58pm. Passed with a 468!

I did want to do better, but passing is great in itself. Will NEVER have to take this test again!

Im sure all the studying I did helped but having 5 years IT auditing experienced was a blessing also.

I would take advantage of all studying available to you if you want to take any of these exams!

Good luck everyone!

oradev

CISPhD wrote: »

What do you mean NOW onto CISSP? You should have already been studying for two months! :P

You're right. But I was mentally worn out after the CISM. I started CISSP prep a couple weeks ago. I'm planning to take the exam in abril.

numberfive

badrottie wrote: »

Another career milestone: passed the CISA.

If I have any advice to give, it would be "Think like an accountant, and approach the problem from that perspective".
!

I would completely disagree with that, you must think from compliance perspective mostly, not from cost\benefit as security officer. Accounting knowledge or any perceptive will not assist you at all with CISA.

badrottie

numberfive wrote: »

I would completely disagree with that, you must think from compliance perspective mostly, not from cost\benefit as security officer. Accounting knowledge or any perceptive will not assist you at all with CISA.

Mea culpa for not clarifying my original statement more. I meant from approaching a question from an risk, assurance and compliance standpoint, and not from a financial, managerial or cost accounting aspect. Thanks for catching that.

minbag

To those who didn't pass - don't give up. You probably know the material - you just need to understand how the questions should be answered. I found that doing the test questions over and over again really helped me get into the groove of isaca and how they word questions.

I hope this helps.

yogesh.karthik@gmail.com

Passed with a 600 ! really surprised and happy considering that i have no IS audit experience till date ( i am doing my undergraduation ) and are there any merit lists for this exam because people who took the exam were suggesting i should check if i had got into the merit list for my region. I am from Chennai region (Tamil Nade, INDIA)

za3bour

minbag wrote: »

To those who didn't pass - don't give up. You probably know the material - you just need to understand how the questions should be answered. I found that doing the test questions over and over again really helped me get into the groove of isaca and how they word questions.

I hope this helps.

Thanks,

I agree, they have their way of doing exams which i found very different (compare to MS for example). their material too was not that easy to read for me personally. I do know that putting more time and trying more Q&A will help.

Good luck for all in the next exam

ar692

Does anyone know, is CISA offer reevaluation of the marks. As iam really surprised to see my marks 431::.
My paper really went too good. Dnot know the reason

Lot of hardwork..........again...........:)

bmac

ar692 wrote: »

Does anyone know, is CISA offer reevaluation of the marks. As iam really surprised to see my marks 431::.
My paper really went too good. Dnot know the reason

Lot of hardwork..........again...........:)

I believe you can apply to have your paper remarked. Not sure on the process of doing so though nor am I sure how many of those that do get remarked have their scored changed. If you do have to resit, good luck.

w0rd

ar692 wrote: »

Does anyone know, is CISA offer reevaluation of the marks. As iam really surprised to see my marks 431::.
My paper really went too good. Dnot know the reason

Lot of hardwork..........again...........:)

Unfortunately, you did not pass. Re-scoring the sheet will do nothing unless you happened to change almost every answer and, as such, have a very messy answer sheet, such as lot of erase marks. I'd suggest looking over your study plan and making the appropriate adjustments for next time. Good luck.

w0rd

yogesh.karthik@gmail.com wrote: »

Passed with a 600 ! really surprised and happy considering that i have no IS audit experience till date ( i am doing my undergraduation ) and are there any merit lists for this exam because people who took the exam were suggesting i should check if i had got into the merit list for my region. I am from Chennai region (Tamil Nade, INDIA)

Never heard of an ISACA merit list. Is this a regional thing?

cailuqin

Passed 564

I was sweating in the beginning of the exam, many questions so subjective, I can only guess. Getting into the middle of the exam, I became more and more confident, 3 month hard study paid off, a lot of questions I could answer them right away. Here is the result:
The Process of Auditing Information Systems: 458
Governance and Management of IT: 500
Information Systems Acquisition, Development and Implementation: 575
Information Systems Operations, Maintenance and Support: 615
Protection of Information Assets: 598

Only used the ISACA manual book and the question database CD, 3 month 7pm-12am study every night.

My opinion, rely on the ISACA manual book is enough, but you need to really memorize and understand it. I know the material is dry and reading it is a pain, but it will help you pass the exam. The question CD only give you a taste of the exam, I did not see any single question in the real exam is from the CD.

jtkuhlman

I asked ISACA to rescore my 2010 CGEIT exam and they did at a cost of $50.

I believe that the 2010 is also the exam where a 'unique human error was found' that led to some scores changing -- and as a result, more passing scores.

If memory serves, I simply called ISACA Cert. Dept.

numberfive

jtkuhlman wrote: »

I asked ISACA to rescore my 2010 CGEIT exam and they did at a cost of $50.

I believe that the 2010 is also the exam where a 'unique human error was found' that led to some scores changing -- and as a result, more passing scores.

If memory serves, I simply called ISACA Cert. Dept.

What was the result? Previous and final score?

jtkuhlman

I failed miserably the first time I took the exam (2010) despite walking away feeling confident. My exam scores went up a little, but not enough to reach passing. I cannot recall the exact score. I think two of my domain areas went up.

I do believe that some passed as a result of the error but no one failed who had previously passed.

yogesh.karthik@gmail.com

w0rd wrote: »

Never heard of an ISACA merit list. Is this a regional thing?

Ya i believe so, not that i ve personally seen these but i ve heard from my colleagues and seniors. Seems there are regional ranks the local chapter will award ...

yogesh.karthik@gmail.com

jtkuhlman wrote: »

I asked ISACA to rescore my 2010 CGEIT exam and they did at a cost of $50.

I believe that the 2010 is also the exam where a 'unique human error was found' that led to some scores changing -- and as a result, more passing scores.

If memory serves, I simply called ISACA Cert. Dept.

What is the procedure for rescoring ? any idea about the chances of a successful pass on rescoring? One of my friends scored 437 in his CISA Dec 2012 , should i advise him to rescore ? He has already started preparing for the next CISA exam this June 2013....
.

rmcneillie

Managed to fail my CISA exam with an impressive low score of 329. I was wondering if anyone on here could give me any advice on a study plan. I have no practical experience of doing IT audit and the only knowledge I have on the subject has come from reading the review manual. Any help/advice is greatly appreciated.

Cheers,
Ryan

paul78

Hi Ryan, welcome to TE. I wish you good luck next time around. I would suggest that you also use the Q and A Guide and Supplement. Many people also recommend the Q and A database. I personally do not feel that it's necessary to use any materials other than the official ISACA books if a candidate meets the requirements to be certified.

bmac

Ryan,

I read the the review manual three times and completed nearly 5000 questions in the Q+A database, I used no other materials. I found the Q+A the most useful and feel I learnt the most from this. Make sure that whether you answer questions correctly or incorrectly, to read the explanation afterwords, otherwise you're just learning the answer to the question but not why it is correct.

andhow

Hi Ryan,

I used the CISA Study Guide, by Cannon. I already have a background in IT operations and information security, so I focused on the more traditional "audit" components. These were chapters 1-3 out of 8. A coworker of mine who has a solid background in internal audit, but limited Information Systems experience used the same book and passed as well. Neither of us used any other study resources.

SecMan3000

I passed with a 532 without studying for a single second! I'm not sure if this speaks to my experience in Info Sec (3 years although none in audit) or that certs in general are meaningless although necessary in the job market. I missed the deadline to defer and due to personal circumstances I didn't have time to study but since I lived very close to the exam center, I thought what the hell, might as well write it expecting to fail.

I did take a really good prep-course for my CISSP (and studied a lot) which I found useful in this exam. Not so much the material but rather the technique for answering questions. Anyways, interesting. So I submitted my application, does it really take the full 8 weeks they quote?

andhow

Some people have gotten through the application process in as little as two weeks. I sent in my application on February 5, and I think I'm close to receiving my CISA credentials. My application status is now "Approved", but the website still says that I don't hold any certifications. I assume that it'll go through any time now. I'll update this post and let you know how long the entire process took me after my status changes.

Edit: The website just changed. I applied on February 5 and was awarded the cert on February 28. The process took 23 days.

chk2206

I have so say (not to sound very negative) but ISACA is terrible for efficiency! It's honestly laughable that an IT examination is taken on paper in 2013. Sigh. Beyond that the lead time to find out the results just seems way too long as well. When I found out I passed the exam and submitted my application (emailed) to ISACA, there is an additional 8 weeks they claim is necessary for "processing time". 8 weeks?!? I want to present this cert to my management and add to my credentials and I feel like I am in an endless waiting period with this this organization. When I check the website it tells me my application status is complete-pending audit. I don't know exactly what this means, but I think I'm going to definitely scream loudly if it means it will take ISACA even longer to get me my official cert.